i was contacted on twitter by the journalist at dailydot who broke the news (https://twitter.com/davidcovucci) because i have java code on github from ~10 years ago that reads a certain ‘nofly.csv’ file (https://gist.github.com/yawboakye/3888617). the interaction was short and i wondered what he was looking for exactly. well, it was joke code, written as part of introduction to java. all this makes me wonder where ‘super-secret-nuclear-codes.csv’ could get me
Given the revelations about massive fraud in "Russian bot" detection (e.g. Hamilton 68) I'm inclined to believe the mainstream media is still wholly incompetent at anything of this sort. Probably because the laymen don't know any better.
I don't find Matt Taibbi's reporting on the Hamilton 68 dashboard credible. Caroline Orr has written a decent article about it here [1].
From my own investigations relating to social media bot behaviour in completely unrelated spheres (new religious movements / cults online), i've sen bots primarily being used to amplify or suppress content by human operated accounts - people operating bot accounts aren't looking to have the bots become 'influencer' nodes.
When I tracked those human-operated accounts that were getting boosted, I assessed many as intentionally receiving bot assistence, and others as being completely ignorant of the bot operation but getting boosted anyway. The latter group is useful to a bot operation as it helps dilute the bot networks intentions, and may at times align ideologically as well.
This is the sort of important distinction that any genuinely interested researcher or journalist would be keen to make. There is nothing of the sort in Taibbi's post. Instead, Taibbi makes assumptions that align with his priors, (aligning we might note, extremely well with the person paying him), then goes to a handful of (likely cherry picked to be sympathetic) human accounts and says "they thought you were a bot har-har!" looking for a soundbite. I found it risible.
You're essentially asserting that some openly-biased political operatives in Washington DC are more "credible" than Twitter's moderation chief or an investigative journalist (both with access to internal Twitter documents), based on some unrelated amateur OSINT.
How can you be sure the new owners/management of Twitter and the hired "investigative journalist" are not compromised? I was very symathetic and enthusiastic about their recent pivot toward free speech. But now it's clear to me it was not about free speech but rather a certain agenda which is suspiciously aligned with Russian interests.
The truth doesn't matter. What matters is how closely your speech patterns mirror "Putin talking points". Even if those "taking points" happen to be true.
1. I described Taibbi as failing to meet a threshold of credible reporting for reasons I've explicitly stated in a fair amount of detail and further linking to a 3000 word artcle on it by someone who analyses disinformation professionally. You've characterised this as "essentially asserting". I am forced to conclude you are not a serious person.
2. Either you don't know or don't care that Dr. Caroline Orr Bueno is postdoc "at UMD’s Applied Research Laboratory for Intelligence and Security (ARLIS)." studying how disinformation works and propagates for a living. You are free to disagree with her analysis and mine if you like (how? where?) but to dismiss her work as "some unrelated amateur OSINT" tells me you're not genuine.
Russiagate truthers like Orr are analogous to Qanon truthers. They should not be taken seriously. They have a preconceived conclusion and cherry-pick evidence to support it. Both are deranged, baseless conspiracy theories designed to advance partisan interests. Full stop.
Even though I'm aware of this phenomenon I constantly catch myself believing what I read until I remind myself to double check. Of course that leaves huge swaths of things I don't deem important enough to double check.
I really wish there was a way to bring about, maybe not more accountability in media, but more faith that a news org or journalist is putting forth their best efforts to communicate correct information.
It really is a tough nut to crack in terms resources available.
The current Russian regime is very creative in its methods of disinformation.
This Hamilton 68 scandal reminded me of a ruse that the russians once set up to discredit the lists of their KIA soldiers in Ukraine.
They created a fake "human rights" group which at first republished data from credible open sources, but once they earned trust and publicity, they started throwing in bogus but easily identifiable names like soccer team rosters and such.
Then they publicly busted and humiliated their own fake "human rights" activists along with the other sources, exposing the fraud in the domestic media. The goal was to disredit the idea that the published information about russian losses (or bots in case of Hamilton 68) is trustworthy.
I am not saying that the parent organization of Hamilton 68 is a russian ruse but rather that the sources or some of the staff could be compromised.
The way the no fly list was shared, it was absolutely inevitable that this would happen. A much more secure way to handle this:
1. Airlines are each given a no fly list that only includes tokens, e.g. each person's name hashed with a secret key that is specific to the airline, on a periodic basis.
2. When the airline wants to check if a user is on the list, they hit a government-owned service that returns the user's token (again, the token will be unique for each airline because each airline gets their own secret key).
3. The airline would then check the token against their revoked token list.
The benefit of this is:
1. The full token list by itself is useless
2. Even if the airlines API credentials are stolen, the response from the government-owned service is useless on its own.
3. So a bad guy would need to steal the token list AND the API creds to get any value, and even then it would be easy for the government to detect unusual access patterns to their service.
Remember back in the late 90s when we all used to store passwords in plain text? Yeah, we know how that turned out, and in this case, storing the list not only in plain text but sharing it to tons of different companies willy nilly is a million times worse if you expect it to stay secret.
Maybe the government could also make this service available to parents, who can query it to find out if they should pick a different name for their baby?
Seriously, using names for a no-fly-list is falsehood 21.
Momentarily ignoring the myriad complexities of name matching, unfortunately you get no points for coming up with potentially technologically superior solutions for these sorts of problems.
The people involved in maintaining this system certainly knew that there were better ways to do it.
It’s an organisational / people problem. The real skill is making anyone listen to you, and pulling airlines away from a legacy system, and dealing with the inevitable claims that the government owes them $100mil a pop for “having to comply with increased compliance requirements”.
> dealing with the inevitable claims that the government owes them $100mil a pop for “having to comply with increased compliance requirements”.
It would be amusing to announce "hey the incumbent airlines each seem to think this change is going to cost them $100M to implement, so instead we're offering $80M to newcomer airlines who know damn well they can do the integration for $100k".
(not that I would want the government to do this, necessarily, I just have a mindset that is contemptuous towards the inefficiencies of ancient/giant companies)
so if you need to hit a gov't owned api for a response, then why do all the tokenization at all? Just return a boolean from that service directly to deny. It might even work better if it was off a passport number, rather than a name.
The problem is that the online service is needed, and thus ties airline boarding to the service availability. Airlines wanted an offline list, so that even without internet connectivity, they can board.
I'm no lawyer but is this even a criminal conspiracy? I thought the 1A covered third party distribution of most stolen secret government information. The media does it and profits and apparently legally.
I guess criminal conspiracy might be the wrong word. There is no prohibition on sharing hacked data as far as I can tell. There is “unauthorized access device” like having CC or SSN numbers but that’s only if you have an intent to defraud. Maybe they could argue stolen property? There is potentially copyright infringement in some cases but this is a government database so that doesn’t apply here.
I believe you are right, but then, what is government law enforcement investigting?
Anyway, the forum it's hosted on is, I'd guess, used by people for all sorts of less legal things, and they probably do not welcome this visibility and interest.
Keep in mind that many people purposefully change writing style drastically if they are assuming different identities online, as it becomes harder to link together profiles that way. Doesn't mean they are like that in real life. Doesn't mean they aren't like that in real life either, as well.
Seems there is a blog post authored by the same person credited in the dump ("maia arson crimew") describing how the data was acquired here: https://maia.crimew.gay/posts/how-to-hack-an-airline/ ("how to completely own an airline in 3 easy steps and grab the TSA nofly list along the way")
This is one of those terrifying security and operational scenarios. Sure the TSA can say nothing on our end was compromised but if the data is readily accessible to download and accessed by every mom and pop carrier with a 3 person IT staff that can barely keep the lights on is anything actually secure?
It's a weird concept that doesn't make sense: "Nobody can see it but every single company that interfaces with airline booking NEEDS to see it".
The only way around this would be for DHS to host a web endpoint that took a name and answered whether they were on the list. This still has some problems like being able to enumerate over time.
I mean, it's even more absurd than that. The data itself is rife with errors. Senator Ted Kennedy had to have himself removed from the list several times[0].
> This still has some problems like being able to enumerate over time.
1. There are eight billion people. Even if you had everyone's first name, last name and DOB you couldn't ask for more names (or more foreign names) then the size and location of your airline would allow without raising red flags with the wrong type of people. You would never get the complete list this way.
2. If you ask a DHS server if someone is allowed on an airplane, and they say no, there's a good chance that eventually someone at DHS will start to investigate. It's going to look a little bad if you don't have a reason for looking up the name. It's going to look very bad if this happens many times.
3. I wonder if an end user of an airline webportal could try to purchase tickets in someone else's and then see if it's denied to check if someone is on the no fly list.
Why would it be suspicious for an airline to use a system designed to check the flight status of an individual?
Sure, it could be suspicious for an airline to make requests that didn't line up with likely prospective passengers, but that isn't at all how you phrased your second point.
On the second point it's not the airline that it suspicious but the individual on the list. Their actions might be under investigation, and that might include attempting to buy an airplane ticket. What happens if they never actually tried to buy the ticket, but someone was trying to recreate the list? Wouldn't this type of event occur many many times, and the airline might begin to standout.
This is basically how public housing records work, right?
You basically cannot buy a house and keep your address private unless you route it through a trust or LLC. Even though the county won't up and tell you "Oh, Mr. ar_lan lives at 1234 Hacker Way", you can certainly just scrape all the data you want and construct a DB that then becomes searchable by name.
Seriously - unless the government steps in and has some sort of tunnel just between the user buying the ticket, and preventing them, without an airline employee somewhere in-between, this will just basically never be secure. I guess there could be some super severe auditing on the employeees w/ access - but that means these employees are now the ticketing agents, as well.
Enumeration doesn’t have to mean using a brute force search. One could simply make the api call and then update a local database with the result. That local database would then become the potentially exposed data.
Including the birthdate would be an improvement. Here in Canada, there's babies that get put through enhanced screening for having a flagged name, but there's an IT contract out there for many millions to provide something like redress numbers.
ChatGpt could likely generate the SQL for well under a million.
One time I went on a work trip and brought my intern along- we were meeting the people his intern project would be used by in person. Fun trip all around.
When our flight landed back in Toronto I said something like "Grab a coffee after customs and then head home?" and he's like "You go ahead. I have one of those names and I'm going to be here for a while."
"Come again?"
"There's someone out there who has the same name as me and because of whatever he did I now have to spend an hour in customs every time I come back to Canada."
Sure enough, he texted me later saying "Alright, I'm through- you still at the airport?". I was at home, getting ready for bed.
Is this not what re-dress numbers are supposed to solve? Once you get one assigned, you can enter them at the time of booking to prevent problems that might occur by sharing the same name with a known no-fly individual.
The politicians will never abolish a multi-billion dollar jobs program because having such a program to control gives them power. Being able to appoint someone somewhere, make rule changes in favor of this or that group, those are political currency and get exchanged as such in DC.
That's not what you want. If that happened whatever the TSA is doing will be done by the FBI or some other agency.
I don't know what you want; maybe a less intrusive trip to the airport? If that's the case fine - but what you want is for TSA to be more respectful of civil liberties. The way you're saying it sounds like you just want the country to be more dangerous. There's no audience for that.
> The way you're saying it sounds like you just want the country to be more dangerous
It's hard to know what dangers they're actually alleviating.
And on the flip side, they create other dangers, like having things in your luggage stolen, causing you to miss the occasional flight, normalizing intrusive government begavior, and in general just adding unnecessary friction and indignity to travel (ok maybe that last one is a stretch to call a danger).
Maybe you value these things less than the feeling of comfort that TSA may provide, but I think I'd count myself a part of gp's audience.
Edit: not to mention the opportunity cost of all of that tax money. Though there is something to be said for providing jobs... but you can probably think of plenty of jobs programs with a better ROI.
If anyone wants to kill a lot of people, disrupt air travel, disrupt the economy and spread fear they can just set off a suicide vest in the middle of a TSA screening line. We're not any safer by having a planeload of people all standing in line to be screened.
TSA lines are way larger than a planeload during holidays. Doing things to the TSA line would be far more effective nowadays than doing anything involving planes.
Same as the rest of the world, metal detector and possibly luggage scan of larger luggage. US airline security is a ridiculous jobs program for the most part. People have been using the phrase "security theater" since the TSA was invented, and with good reason. Taking your shoes off at security is outrageous, no other country requires this on a regular basis.
Security theater has no impact. 9/11 had two important outcomes: locking the cockpit door and making passengers aware that hijackers will crash the plane rather than detour it to South America, ensuring that they will never again assume that sitting back and letting the hijackers do what they want is acceptable.
THOSE things made air travel safer. Body scanners and confiscating pocketknives did not.
To describe the current behavior as "confiscating pocketknives" isn't even accurate - third party testing of how well the TSA actually detects and confiscates items like knives, guns, and (fake but real looking) explosive devices shows that they miss the vast, vast majority of items. Like more than 90% of them.
Nobody who wants to succeed would bother going through TSA.
'Known Crew Member' goes around TSA. Even TSA goes around TSA since they added the shiny metal badge on their shirts in 2008. Airport vendors bring in tons of product every day through side gates.
Strong flight doors which are locked and better procedures stop the hijackers.
Assuming someone managed to hijack a bunch of planes again, I doubt they could reproduce 9/11. The government would shoot them down.
Sure they could kill everyone on the plane, but a train has more passengers than a plane, and a determined terrorist could probably kill everyone on a train.
> Assuming someone managed to hijack a bunch of planes again, I doubt they could reproduce 9/11. The government would shoot them down.
They don't really need to hijack planes, they just need a few hundred thousand dollars and a NetJets account. Also, if you read some of the BlueLeaks documents you can tell the government is very worried about vehicle ramming attacks. The unfortunate truth is that anyone with a little bit of money and willingness to die for a cause if coordinated can cause massive amounts of damage. We are lucky that most terrorists aren't that smart.
probably the likely outcomes of terrorism. On a plane the whole thing is demolished in a crash because of the kinetic energy involved in colliding with the earth. For a train probably not the same degree of destruction is attainable unless you like bomb a bridge or something of the sort.
> More than thirty buildings in Lac-Mégantic's town centre, roughly half of the downtown area, were destroyed, and all but three of the thirty-nine remaining buildings had to be demolished due to petroleum contamination of the townsite. Initial newspaper reports described a 1 km (0.6-mile) blast radius.
It's strange that every commercial airplane passenger has an interaction with a federal employee. This isn't true for busses, trains, ferries, cabs, or any other mass transit system. It feels like something more appropriate for an airport employee, with local PD on premises.
What security benefit is there for this list being secret? Sure privacy may be an issue but I should have the right to know if I am on it as I see absolutely not benefit if this list being secret other than the government having another reason to put people in jail.
Also if you know you are on it you can save the airlines and everyone else a lot of trouble by not trying to fly in the first place.
Good Faith: Bad guys would know to find someone different if they knew who could and couldn't fly.
Bad Faith: Fear. You better stay in line or one day you'll be trying to get on a flight and suddenly can't. It's your "permanent record" for adults.
Bad Faith: Accountability. Not having it exposed means the gov't can pretty much put anyone on there for any reason without having to worry about silly "public pressure" and "questions about why so many middle-eastern people are on it." You know the ACLU would be all up on that list researching every single person on it and calling them on their bullshit.
I'm guessing the official position is something like "If a suspected terrorist know they are a suspected terrorist, their behavior might change in order to hide easier, and sometimes we put suspected terrorists on the no-fly list, so if they could see that, they could figure out we now suspect them of something.". But that's just a guess, maybe there are better reasons out there.
Maybe they handle it the same as if you trigger the anti-fraud system for the various IT companies ie they don't tell you anything but "I'm sorry but we cannot accept payments from you and I can't tell you why".
To be honest, the whole thing sounds like a farce, just trying to get some understanding from perspective I don't myself hold.
If the list were public they could know this in advance though, and send someone who hasn't yet been flagged and so attacks would be harder to thwart. This is only hypothetical though, and given the size of the list I'm skeptical it's all that reliable to begin with.
Let me tell you about the No-Rent list. Oh yes, if you fuck up a rental car or boat or do any kind of chargebacks for the rental, you will be immediately and automatically added to the No-Rent list for that company. Sometimes these lists can be distributed to central repositories where other rental companies can choose to follow the suggestions and not rent a car to you due to your status as high risk. One of my earliest jobs involved working on a system with such a list. I’ve had quite a bit of experience in engineering solutions to keep people in check.
I suspect there might be something for real estate, but more fragmented. You could end up on a no-rental list and be banned from renting property. I am certain Airbnb has such a list as well.
You have nothing to worry about if you’re a regular well mannered citizen. Otherwise why rent to someone with a history of making a company lose money each time they rent? Some customers aren’t worth the hassle.
On the US side, you get "turned away" (or at least taken for additional questions) at security screening. It happened to Ted Kennedy years ago (apparently, some criminal/terrorist once used "T Kennedy" as an alias, so Sen Kennedy, along with ~7000 other Americans, would have been flagged).
On the international side, I assume you get stopped somewhere between check-in and boarding (but not sure if it's up to local security or the airline agents). If not that, you'd be stopped at immigration once on US soil.
If you are on a no-fly, one should be notified that at the time they attempt to purchase a ticket, and before payment is taken for said ticket. No exceptions.
You can obtain a Redress Control Number[0] from the DHS which acts as an identifier if your name matches that of someone on the no fly list. Most airline reservation systems support this as it has been around for ~10 years.
What a fucked system. A passport number is surely the right thing to use. Linked to a document that is hard to forge and if a terrorist can forge a passport, well, they will use a name not on the list eh?
The airline probably lets you buy a ticket but "technical errors" prevent them from printing a boarding pass when you go to check in. Then a circus of head scratching ensues while the desk staff stall for time until your flight leaves without you. Then, weeks later when your refund case is handled they tell you in cryptic terms that they are unable to process your reimbursement transaction but not why.
It's a civil limitation AFAIK. Those on the no-fly can still buy a gun lol. Probably can charter your own flight as well or fly your own private plane.
It depends on your name. These lists are literally a name match.
If you're "John Smith", it's likely you're on multiple lists and will get separately hassled by multiple entities. A guy I grew up with had an FFL and would get flagged for followup when buying guns at retail because of his common name.
For those not in the US you wouldn't get as far as the plane because your ESTA would be denied first. Then your visa would be stuck in "Administrative Processing" forever.
I think you get detained and sent to the shadow realm. OK the shadow realm part I made up but I'm sure there aren't good things that can happen to you once the government detains you.
> good things that can happen to you once the government detains you
I think they have to charge you with a crime within 24 hours. All of the corner cases that you read about in the media are things like "but what if they're fighting in Afghanistan and they magically end up in Cuba on a military base, do we still have to arraign them?" That's apparently a tougher question (even though the answer is obviously yes), but if you end up in central booking in some random US city, some judge will have to spend 10 seconds looking at your case and decide whether or not you can get bail.
So you're not going to get disappeared to a shadow realm if you buy a plane ticket and you're on this list. You might still have an extremely shitty day, though. The criminal justice system is not fun.
I have always imagine walking through airport security like a normal person, then out of the blue you are tackled, arrested and charged with “illegal attempt to board a plane” and sentenced to twenty years in a federal prison.
An over-reaction to be sure… I expect no less from modern US laws enforcement.
That's quite the imagination. You get denied a boarding pass if you are on a no fly list, asked to leave the airport, and told to contact DHS. If you are on the terror watch list, or have active arrest warrants from a court, you will be arrested. If you attempt to evade and resist arrest, then yes, you will probably get tackled and tuned up.
People usually confuse the terrorist watch list with the no-fly list. The former being a list of persons known to having some involvement in terror activities in groups designated as terrorist groups by the US State Department.
The No-Fly list is generally full of criminals, unruly passengers, and people who have gotten violent on flights with crew or other passengers. It is also imperfect, with false positives occurring with people who have the same name as another listee.
It should be noted that the US government may not use the No Fly List to prevent U.S. citizens or permanent residents from returning home to U.S. territory, since doing so is a violation of the 14th amendment.
The terrorist "watch-list" is a database of people that the US government considers at-risk of committing acts of terrorism. Whether you believe that is another story.
The no-fly list is a subset of the terrorism watch list. Criminals, unruly passengers, and violent offenders are specifically NOT on the no-fly list unless they're also on the terrorism watch list[0].
Unruly passengers are sometimes added to a no-fly list for a specific airline, but there is no national no-fly list that private companies are eligible to add to[1], and despite being charged federally with a crime in the air, you are not eligible to be added to the no-fly list for that reason.
The no-fly list is reported to have 1.5 million names on it. (the public didn't know how many names were on it until it was leaked).
If this is a subset of the "terrorist watch-list", then that terrorist watch list must have even more names on it? I think you're implying many more? 5 million? 10 million? People that the US government "considers at-risk of committing acts of terrorism," really?
There are, what, a couple dozen acts of terrorism a year? (I don't know whether we're talking about in the US or globally or what). But millions of people the US government "reasonably" considers at risk to commit them? This seems... odd, no?
Anecdote: my father (swiss as long as the family tree goes back) lived in Lebanon for a year in his teens, accompanying my grandma who was a translator. When my brother came to the US to become a cook there, he was turned away at the airport (and subsequently had to buy a return ticket) and that was the stated reason.
Its really not that hard to imagine the US gov. adding every person from the middle east that has ever flown in a plane to that list.
So at the link that ianhawes helpfully provided, the US government describes the terrorist watch list as "[having] information on people reasonably suspected to be involved in terrorism (or related activities)."
I don't think we knew how many people were on it before. But if it's a strict superset of the no-fly list, then we now know it's at least 1.5 million people.
I guess the only odd thing is that a lot of people seem to believe the USA government's line that more than 1.5 million people are "reasonably suspected to be involved in terrorism or related activities", when there are maybe a few dozen terrorist attacks a year. ("reasonably"! "related activities" huh?).
From snowden's leak I think, we know that the NSA does have "lists" that you get catalogued into through various actions. One example was that anyone who had visited the Tor website (like the place to download the Tor browser) was on a list. IE, most tech professionals are likely on many lists.
It's likely (though conjecture) the "lists" you are on, really the buckets you are in, are used as an input to some sort of "is a terrorist" qualifier, which sorts certain people into a priority queue to be tasked to other NSA agents to look into your details and pass you off to someone else if you seem sus, basically like companies that sell credit card fraud prevention.
Or you know, some sort of score that represents your social, let's call it "credit". Except you aren't allowed to request this score once a year.
The fbi.gov page you helpfully link to (thanks!) actually says:
> In fact, the vast majority of people who have disputed travel and appeal to the Department of Homeland Security’s Traveler Redress Inquiry Program are not on the terrorist watchlist.
> Most people on the terrorist watchlist are still able to fly within the U.S. A very small subset of people on this list are on the “No Fly” list.
Wow, so 1.5 million on the no fly list are a "very small subset" of (also from that page) "people reasonably suspected to be involved in terrorism (or related activities)", who have met "specific intelligence-related criteria", and which "Internal and external auditors regularly review... to ensure all laws and policies are being followed and that the information on the watchlist is accurate."
If 1.5 million people is a "very small subset", the whole list is... 10 million? 50 million? 100 million?
Something definitely ain't right.
I wonder if this clue as to the size of these lists can help organize some opposition, because it seems to indicate things are not what they say.
What's the basis for arresting someone for just being on a watch list? That sounds unconstitutional.
I was added to a watch list long ago that results in me being tossed in a cell and "detained" for up to 24 hours every time I go through customs but they always make it exceedingly clear I'm not under arrest (granted while sitting in immigration holding cell it doesn't feel much different).
It really gets annoying just being told by CBP "you know what's next" while never being able to find out what list you've been put on. I hope more of these lists become public.
Too bad there isn't a "reason" column showing even a summary of why they ended up on the no-fly list - probably because the reason is too sensitive for the people who regularly access the list to see.
Isn't there a bullshit reason for that? Something like if they say why they're put on the list, it becomes an accusation of a crime and then punishment without a trial, but maintaining a list of people who can't fly is somehow OK.
A bunch of information like that (along with citizenship and so on is redacted), probably before the TSA gives it to the airlines. that way they can truthfully say they don't know why their computer said no. The ID fields for the entries start at 1 and run upwards chronologically thought not monotonically because people get removed from the list.
I'm very curious about this list and whether I'm on it. I have an extremely common Anglo-American first+last name and there was a period of years when I would regularly get my boarding pass stamped "SSSS" and pulled aside for the secondary screening almost every time I flew, which at the time was 5-6 times a year or more.
Now, my name is truly so common that I have convinced myself there was something more than just that name triggering the SSSS designation. Otherwise, most major airports would have been patting down someone with my name multiple times a day. I suppose that's possible, but if so it would really damn the value of this sort of list. The extra screening did seem to depend on which airline and which airports I was using, so maybe there was something else going on. Or maybe some dude with my name just crossed some line he shouldn't have and me and everyone else with that name paid the price for a few years.
List like these must be publicly available to anyone, like credit history/score. Also, there must some justice process for getting in and out of this list.
I still don't understand how societies accepted no-fly list, civil forfeiture, de-banking, de-platforming people and other clearly totalitarian practices in or "democratic" and "free" countries.
At least for the no-fly list (because I'm old enough to have watched the change happen):
9/11 caused an existential panic in the US public that made them willing to accept several new things in the name of safety against a threat model they did not understand. Once those things were in place, (a) burden of proof that removing them doesn't jeopardize our safety rests on those calling for their removal and (b) the average citizen can see the list doesn't impact them so they have little opinion on keeping or removing it.
In short, it was a sticky-bit that once stuck, is hard to un-stick because people don't, generally, feel less free (day-to-day) with it in existence.
>existential panic in the US public that made them willing to accept several new things in the name of safety against a threat model they did not understand
I'm old enough to have watched the change happen. There was no existential panic, but a straight up propaganda campaign waged by a collaborative media and government to ensure that this would be accepted, and that dissenters would be seen as "the other" to be feared and reviled, and potentially targeted for law enforcement action.
It's both. There's no doubt the ruling party invested time and effort selling their solutions to the public, but the public was also buying because all of a sudden, men armed with automatic rifles standing in the airport security lines was a comforting sight, not a terrifying one, for many, many Americans.
ETA: Regarding effects on the American psyche, https://www.webmd.com/balance/features/american-psyche-post-... summarizes some of the post-9/11 research. Probably most of interest is that 21% of Americans studied by a researcher at Carnegie Mellon believed they would be the victim of a terrorist attack within a year. That number proved to be a way-outsized overestimate, but I think it's easy to see how people accept new curtailments to freedoms (especially someone else's freedoms) if 1-in-5 of them believe they'll be personally attacked.
> all of a sudden, men armed with automatic rifles standing in the airport security lines was a comforting sight, not a terrifying one, for many, many Americans.
Once again, because of the media amplifying the terrorism over and over, repeatedly playing it on every screen and telling everyone that they were under attack. Just as you're arguing that popular opinion shouldn't be ignored, neither should the centralized actors driving that opinion. They feed into each other, and downplaying the involvement of one category of actors only serves to hide their share of the blame.
No disagreement. When Americans panic, they look for people to explain the problem, even if those explainers are ignorant, and for people offering solutions, even if the solutions are bad. It's a recurring historical pattern.
It's worth noting that since the American news model is fundamentally capitalist, one can assume, once a panic starts, that cognitively-dissonant news will be downsampled. I don't know how to disambiguate "the media caused / fed a panic" from "people weren't interested in hearing 'everything's okay and nothing has fundamentally changed' when there was a crater where two skyscrapers used to be." Did the media feed a panic, or did the public tune out cool heads?
The same way we disambiguate what's right versus what's commercially expedient across the whole gradient of (soulless, dodgy, unethical, malpractice, fraudulent). It does not matter that people want to hear garbage that reaffirms their lazy beliefs - if you are in a position of power and take the easy/lucrative road of base affirmation, rather than the harder route of actually leading people somewhere productive, you are a bad person and you should feel bad. And people that know better should condemn you for that, rather than tacitly accepting your sold out self interest.
Also if I'm reading your comment correctly, characterizing potential leadership as "cognitively-dissonant news" is a bit weird, especially with "cognitive dissonance" commonly referring to the rejection of criticism in the larger run up to the war on Iraq. With both points it feels like you're nominally agreeing, but still trying to push this framework that the news media and other leadership is inherently blameless.
I don't think either the federal government or the media are blameless (that's a federal government that authorized torture; they're obviously not blameless). But I also think we like to pretend the American public got duped or are blameless when it's (a) Americans who elect the government and (b) Americans who buy the newspapers (especially in that era, when online advertising hadn't yet eaten the printed word). There's a certain minimum "citizen's responsibility" that nobody gets away with just dodging in a country where they're obligated to choose their leadership and hold their own press accountable.
> Also if I'm reading your comment correctly, characterizing potential leadership as "cognitively-dissonant news" is a bit weird
Because Americans elect their leadership, they have the advantage that many (ideally, most) voted for them and so are inclined to follow them. But they also have the disadvantage that Presidents are not thought of as infallible rulers with any kind of mandate from heaven, so when things get tough their position is a lot more fragile than many would assume. You can easily see this play out in how an untrusted executive failed to handle a pandemic recently; it didn't matter whether they were right or wrong, much of America had that President and his administration pegged as "nominally and legally in charge, but too stupid to follow" and discarded federal guidance the minute it inconvenienced them unless force of law (often and mostly: state law) prevented them from doing so.
In the run-up to the Iraq War, the cognitively-dissonant news was media suggesting Saddam Hussein's administration was not involved in global terror. True or false, it didn't fly because Americans wanted someone to blame that they were confident they could kill (as opposed to the guy who'd successfully evaded capture in Afghanistan) and Hussein was a very easy-to-believe target because he was already one generation's default bad-guy.
(But to be clear: the executive in charge during 9/11 did orchestrate a hell of a lie to get the US into another war in Iraq; that scenario is well-documented and involved multiple overt fabrications of information. I may assert that a more skeptical public that wasn't having a panic may not have bought those lies, but that's not intended to downplay the responsibility of the liars).
I think the takeaway from this sub-thread is "Scared Americans and power-hungry leadership make for a bad combination." But the larger point I wanted to emphasize is that the consequences of those changes to American law aren't as reversible as just declaring "Well those guys were monsters;" bits like the no-fly list are sticky even if the people who implemented them were bad-faith actors.
>There was no existential panic, but a straight up propaganda campaign waged by a collaborative media and government to ensure that this would be accepted, and that dissenters would be seen as "the other" to be feared and reviled, and potentially targeted for law enforcement action.
I'm also old enough to have seen the change happen, and maybe it's just that you and I lived in separate bubbles, but I really don't agree with this. I absolutely did see an existential panic in the general population, we were in an insane frenzy, and I don't get the sense that the media or government needed a propaganda campaign to get this sort of shit passed. Aside from a very small number of dissenters (including myself), we were all out for blood and there was no such thing as too far. Hate crimes against People Who Look Vaguely Like They Might Be Muslims shot through the roof, in spite of the government trying to quell that sort of thing. Giant flags the size of New York City were being flown on peoples' cars left and right. Normal Americans were absolutely NOT acting normal and didn't need any push towards supporting insane policy ideas.
The trick for these kinds of anti civil rights programs is to keep its application limited enough that not enough people are directly or indirectly affected to raise hell over it.
Keep the affected individuals at <1% (I don't know the real number) and it's a small enough set of people that they'll silently fall through the cracks. Be careful to not accidentally use it against people who are part of rich and powerful families, because they'll make a stink. Use it only against the poor, immigrants, or otherwise socially disconnected and you can keep doing it in perpetuity.
Honestly even if it was "accidentally" used against someone rich and connected, they would just make a phone call and have it fixed. For something like the no fly list it would probably get corrected in time for them to make the flight.
The funny thing is, they are expanding it. It's still probably below the 1%, but it seems society has an appetite for expanding civil law to circumvent the (limited) protections dound in criminal law, like proof beyond a reasonable doubt or access to an attorney. Red flag laws and the TX abortion law are some recent evidence of this.
The French consumer credit system resembles the U.S. no-fly list. Bankers have discretion on making loans and sharing consumer records, which are absolutely maintained. But consumers don’t get to look into the black box.
> But consumers don’t get to look into the black box.
Nor your landlord, nor the shop in which you'll go buy a new bicycle, &c.
Also, it's much harder to get a credit in France, you don't get on the list randomly. So all in all it's completely different thing since it won't impact your day to day life for simple things such as renting a flat.
Ah, and you can still fly, you just can't get into more debt.
I’ve bought bicycles in America. Nobody checks credit.
> much harder to get a credit in France
If you aren’t rich, yes. If you have a personal banker, credit flows.
> you don't get on the list randomly
You do if you’re my friend and a SocGen clown mis-reports your mortgage as in default to the BdF.
Both systems, the U.S. no-fly and French consumer credit, share common impetuses. They’re necessary, particularly for the elites. But they’re ideologically distasteful. So a system is maintained, shrouded in secrecy and, ideally, kept clear of the hoi polloi.
The alternative to credit scores is that some banker, most of whom grew up upper middle class or upper class, meets you in person, nods at your firm, masculine handshake, and decides they like the cut of your jib, complexion of your skin, and accent of your voice well enough to give you a loan and/or a reasonable rate. The inherent discrimination of this process is a huge part of the reason we shifted to credit scores in the 80s.
Credit scores are objective, algorithmic measures of credit worthiness that anyone can game upwards by following the rules. The alternative is subjective measures that are applied erratically by different human minds that will always be riddled with bias.
Eh, I don't know if I agree with that. I know a few people who have gone the alternative route; proof of utilities paid, lack of back rent, etc.
From the outside looking in it seemed to be a bit more hoop jumping, but overall more palatable than 3 private firms, who don't give damn about you, aggregating your financial history with financial institutions' best interests in mind.
Credits scores for loans make sense. But increasingly they are being used as proxies "general trustworthiness" which they are not well designed to support, even if there is some rough correlation. They shouldn't be used a gate to employment, or rental housing (some of the factors apply, being able to afford rent, or prior payment history are relevant ... but the scores are still abused beyond those factors).
Or the alternative is that we have much less credit, the prices of assets become a lot more affordable, and wealth remains better distributed throughout society rather than being sucked away into the financial industry by the servicing of perpetual debt.
None of the things you mention are incompatible with a free democracy, just so long as the process by which people get on (and off!) these lists are transparent.
But unfortunately that is often where things break down.
Apply for a redress number. If it's granted, you are all set. If it's denied, well you have your answer as to whether you were really on the list or not.
That may help determine if you are on the list if they reliably grant or deny redress requests based on being off or on the list (I'm not sure), but it doesn't help getting off the list if they've actually but wrongly chosen to list you, or if they aren't adequately convinced you're not the person they meant to list.
Civil (asset) forfeiture is literally license for the executive branch to rob people for practically anything they can think of with almost no recourse [0] and pad their department/agency's pockets.
[0]: "the accused is/are the asset/s not the person/entity robbed by the police/TLA"
Yeah I agree, that sounds pretty disturbing. I left out a critical part, that is the rules should not only be transparent but also agreed upon by most people.
1) Power comes from the people. It is centered in churches, families, and limited local city governments.
2) Power comes from the government. The federal government has the most power and the power decreases all the way down to the local level, which has the least power.
The second group, obviously, has become richer and more powerful. It has also done a good job of capturing the minds of the richest and smartest people in the country, who have been convinced that problems require government solutions.
There are a lot of people who don't accept these sorts of things, but they're called racists, white nationalists, nazis, and all other sorts of horrible (and usually illogical) things. To people who aren't politically active or don't have a good understanding of political philosophy, these accusations are very effective.
"What you oppose a national list of people who are standing in the way of our great society? What are you a nazi?" etc.
I’d love an example of a person from the first group who was called a white nationalist because they think power comes from the people and not the government.
The Nazi flag was there because somebody was calling Trudeau a nazi. As in: the thing they were there protesting they thought was similar to Nazism, and they think that is a bad thing which is why they are there protesting.
There was as far as I can tell one instance of somebody doing this, and they were immediately denounced and told to stop. I agree, btw. Trudeau is an authoritarian, but he isn't a Nazi.
The problem I have with #1 is always “churches”. They are very powerful institutions and have disproportionate leverage wherever the government doesn’t step in. E.g. Catholic hospitals that won’t prescribe birth control.
Government, for better or worse, is secular. I don’t have to be concerned that I am subject to the rules of someone else’s faith when I need help from an organization larger than myself.
Are you sure? How much US Senators are openly atheists? I was shocked about 5 years ago, when I learned, that (about 5 years ago) answer was two. Yes. Two.
Look at anti-abortion laws in USA: they are all religious-based!
And it is not only USA. Poland. Russia. Greece. Some places in Germany. Not to mention Iran, Afghanistan, UAE, Qatar, Yemen...
If you’re down on your luck, participation in an organization willing to support you is not voluntary. Right now, if you need help in America, your options are either the government or faith-based organizations.
I know from experience, I’m just getting back on my feet after my own run of bad luck.
I’m not in love with the government by any means. It is inefficient and incentivizes corruption. If all the money that moved through faith-based organizations instead moved through secular organizations, I would be interested in “small government” reforms.
de-platforming isn't a state operation. it is a community moderation and liability management tool among private entities in a shared space. I think its a false equivalency to say that "not being allowed to spew hate speech on twitter" is the same as "having your house stolen by the government". Also twitter has an appeal process and most of the time they just ask you to delete a tweet.
The FBI did send tweets and accounts to specific Twitter employees and repeatedly emailed them about those tweets and accounts asking for a follow-up on their status. The FBI said it was only notifying Twitter of censorship candidates, and allowing Twitter to make any decision it wanted, but the agency has a history of thinly veiling its coercive pressure on private individuals.
one congressman complaining to twitter about some content (some of which does break TOS) and sometimes getting his way is still not the same as being blacklisted by the state. "The Twitter Files" isn't some bombshell report on goberment control under threat of violence, it's a bunch of political agents doing what they do best: Complaining. I cannot stress this enough: government repossession of assets and freedoms like air travel are enforced under threat of violence and imprisonment. Emailing twitter execs because you dont like content is largely toothless and twitter can refuse or sue at any time.
The parent of this thread: "de-platforming isn't a state operation." A sitting Congressman (The State) made the request. And they were eventually shadowbanned (twitter calls it deamplification) So yes, it was a state operation.
The rest of your comment reads like beginning of The Narcissist's Prayer:
That didn't happen.
And if it did, it wasn't that bad.
And if it was, that's not a big deal.
And if it is, that's not my fault.
And if it was, I didn't mean it.
And if I did, you deserved it.
I think you are oversimplifying my frustration with the original comment.
The original comment put civil asset forfeiture and no-fly lists on the same moral plane as deplatforming. The difference between deplatforming on twitter and the others is the threat of state violence. My frustration with the outrage around "The Twitter Files" is that y'all equate lobbying with state violence. I do not think that congressmen directly lobbying with twitter execs is necessarily good, but i also don't think its on par with the state disappearing people. I think it is just a distraction from real state overreach domestic and abroad and makes people like you view it as a liberal brainworm thing, when both parties are responsible for the real threat of state violence.
Twitters choice to comply or ignore the lobbying requests is within their rights as a private institution and there is no credible evidence of state coercion other than a congressman complaining.
>6.Even when Twitter didn’t suspend an account, that didn’t mean they didn’t act. Schiff’s office repeatedly complained about “QAnon related activity” that were often tweets about other matters, like the identity of the Ukraine “whistleblower” or the Steele dossier:
>7.Twitter policy at the time didn’t ban QAnon, but “deamplified” such accounts. About the batch of tweets that included those above, Twitter execs wrote: “We can internally confirm that a number of the accounts flagged are already included in this deamplification.”
I honestly don’t understand the use case. Let’s imagine the list is public and the process is transparent. Who would you put on it and for what purpose?
Who are those people dangerous enough to never be allowed on a plane (despite being searched, xrayed, water bottles and corkscrews taken away from them), yet not dangerous enough to roam free everywhere else?
1) At some point, if you are on the list, they will have to tell you. If you were on the Selectee list, they could try to pretend that the additional screening was random/risk-based, but if they don't let you fly at all, they have to tell you that.
2) Aren't most of the people on the KST (know/suspected terrorist) list non-US citizens? If so, they have no chance of legally entering the US, so if they are flying here, they must be using a false identity. I'm not sure what the point of even having them on the list.
Because if the government even thinks you might be a terrorist, they are not going to give you a visa/allow you to enter. And those checks are far more thorough than the checks to board a plane.
The only exceptions I could see would be some of those people might be allowed in as representatives of a foreign government, and there might be a few people who already have green cards and the US doesn't have enough evidence to remove them.
Americans also criticize America for this. I mean just look at this thread. Why would it then be surprising that they criticize China for it? That seems like consistent beliefs. Even before we bring in the reality that there's nuances and the two systems aren't identical and would be absurdly naive to believe they are.
> Also, there must some justice process for getting in and out of this list.
This is backwards: there should be a justice process _for getting onto_ said list in the first place. The US Government has 0 authority to remove a right from a US citizen without a trial.
The US Constitution is silent on whether or not this applies to non-citizens unfortunately, but my recommendation is handcuff the government's power whenever possible.
Aren't freedom of association and trade rights? Isn't the government restricting the airline's freedom to associate and offer services to any customer?
False equivalence. The no-fly is about boarding the airplane at all, not operating it. And AFAIK there are only the narrowest of methods of preventing someone from riding in a vehicle, almost assuredly associated with criminal proceedings.
And, even if you don't have a license to drive it's illegal for them to even check unless there is RAS you've committed a crime to initiate a stop. Meanwhile TSA searches you on no RAS.
Positive right to be given food is different than negative right to not be stopped from obtaining food.
Blocking someone from riding in a common carrier ordinarily open to the public falls under the "negative right" which is the variety of rights usually ascribed.
> List like these must be publicly available to anyone, like credit history/score.
Devil's advocate, but the point of the no fly list is to stop someone carrying a flagged ID->person mapping from getting onboard an airplane. (Because fake IDs exist, IDs are not 1:1 to people!)
If the no fly list was public, then people who wanted to get on an airplane and cause devastation would see if their current ID is blacklisted, and if so, go get a new ID under a different name. Hard but not impossible, especially with RealID constantly being delayed.
If America had verified identifying documents that couldn't be easily forged, this wouldn't be a problem, but that isn't the infrastructure we have right now, and it really wasn't the infrastructure we had when the no fly list was implemented.
Without biometric IDs, the no fly list is essentially a blacklist of IDs.
How the list is used in practice is a separate discussion from the threat modeling exercise of should the list be public.
Remember: the alternative of (non-government required) deplatforming is that anyone can do anything they want on any platform. Want to flood knitting forums with porn? Well they cannot refuse you! And that just makes it impossible for anyone to actually organise anything without constant trolling...
>I still don't understand how societies accepted no-fly list, civil forfeiture, de-banking, de-platforming people and other clearly totalitarian practices in or "democratic" and "free" countries.
Look at all the disgusting and "inconsistent with your values" behavior you, or if not yourself then the other people who support your causes, will turn a blind eye to, minimize or at the very least object less to when it benefits your cause(s). Now scale that behavior up to all the diverse groups and causes that exist across a nation of 330+mil. That's how.
"Cruel and unusual" has always been a very conceptually-flexible term.
Regarding flight: nobody is assumed to have a right to fly, so the privilege of access to flight is easily revoked.
A "no crossing state lines" list, in contrast, is heavily mediated by the judicial system and the burden generally only placed upon those intimately and immediately entangled in a legal action.
Some of these are perpetrated by a government or agent of a government and shouldn't be tolerated at all.
Some of these are perpetrated by private companies and it's a much more gray area whether or not it's ok. "De-platforming" gets a lot of press but Twitter, Facebook, et al are under no obligation to let any particular person or group use their platform, nor should they be.
In one area, they don't, at least in the US. It was proposed at one point that the "no fly" list also be used as a "no gun" list. The gun nuts screamed.
The gun nuts scream at everything, anything, and sometimes when it's nothing.
The no fly list still shouldn't be used for gun control. If we want gun control, we should look to do it in a way that doesn't further entrench the horse shit the USA implemented after 9/11
Interestringly the spreadsheet includes the columns SID,CLEARED,LASTNAME FIRSTNAME,MIDDLENAME,TYPE,DOB,POB,CITIZENSHIP,PASSPORT/IDNUMBER,MISC, but only LASTNAME, FIRSTNAME, DOB is populated.
Our industry is still not, in general, an industry that employs licensed professionals. Subsets of it, to be sure, but there is no such thing as a "computer engineering license" in the same sense as a "civil engineering license," for example.
If there were, using production PII in the test infrastructure would be grounds for license revocation.
I wonder if they got the list from crimew or if they followed the directions on her blog. You'd hope the offending airline would have fixed the issue over the past few weeks but who knows.
If she really didn't do any pre-disclosure then it seems inevitable other people managed to grab it directly. I doubt she had much desire to share it after the long uncomfortable phone call she must have had with the FBI right after the post went live.
What are the ethics of publishing such a list? The act of doing so exposes people and damages their reputations, and because there isn't a just procedure for adding people to that list that damage is likely unfair. It's not like this is the registry of sex offenders, where at least there was an actual court case to determine their registry and there are well-defined procedures for removal in case of mistakes or issues. Shouldn't we advocate for there to be a fair, just procedure for adding and removing people from the no-fly list before making it public?
The entire point of leaking the list is that the ways people are added to the list are unsupervised and unjust. Being on the list isn't a sign you've done anything wrong.
Yeah, but is the average person going to interpret it that way? I think the average person is going to think "you're on the no-fly list, you must be suspicious in some way". They shouldn't, but that's going to happen.
Since every airline has a copy of this list you can be pretty sure that anyone who wants access sufficiently already has access. Every government, including enemies of the USA, every security agency, any airline IT employee. I would say distributing it in public is fairly neutral.
> Shouldn't we advocate for there to be a fair, just procedure for adding and removing people from the no-fly list before making it public?
Absolutely there should be this advocacy, but I don't see how that's connected to whether it is public or not.
Most innocent people on this list wouldn't have standing to get removed from this list because they wouldn't have been able to prove they were on it before it was leaked.
I did some googling and couldn't find any examples of that, or any legal commentary suggesting that is the case. According to this ACLU page there is a standard process for you to determine whether or not you are on the list: https://www.aclu.org/know-your-rights/what-do-if-you-think-y... . At least if you're a U.S. citizen or lawful permanent resident that provides you official recognition of whether or not you are on the list. And even if you aren't a US citizen or lawful permanent resident, would a leaked list actually hold up in court?
I'm honestly surprised it's taken this long for one of these lists to be leaked. Many businesses are required to pull this and many other lists into their applications to approve/deny people and this is not just airlines. For the longest time these lists were on an unencrypted FTP server with a simple username/pw. I only had to deal with this because one of our firewalls did not play well with FTP. I tried to convince them to use HTTPS or SFTP. Hopefully they have at least done that by now.